Commit 3b78f2fc authored by Patrick Schmalstig's avatar Patrick Schmalstig

Make infinite loops a critical error; add infinite loop check on hack attack

parent 6e5c77e7
......@@ -358,7 +358,7 @@ _MISSING_PUBLIC_KEY=The public key for version {1} of the software (<kbd>data_cu
_CORRUPT_PUBLIC_KEY=The public key for version {1} of the software (<kbd>data_custom/keys/telemetry-{1}.pub</kbd>) is corrupt.
INVALID_TELEMETRY_DATA=Invalid telemetry data passed for decryption.
INTEGER_OVERFLOW_TIME=An integer overflow was encountered with a provided date/time. The date/time was changed to the maximum supported value.
INFINITE_LOOP_HALTED=A potential infinite loop was halted, codename <kbd>{1}</kbd>.
INFINITE_LOOP_HALTED=A potential infinite loop has been halted (codename <kbd>{1}</kbd>). This has been logged for staff. Please do not refresh this page as it could indicate a significant software or website bug.
HTTP_REDIRECT_PROBLEM=A problem has been detected with your web server (HTTP code of &ldquo;{3}&rdquo;) that may cause your forms to fail. Some servers are poorly configured, and invisibly redirect traffic from one URL to another, and this invisible redirection results in lost submitted form data. Try changing your base URL{1} so that it {2}.
_WITH_WWW=doesn't contain &ldquo;<kbd>www.</kbd>&rdquo;
......
......@@ -166,6 +166,9 @@ if (!function_exists('critical_error')) {
case 'CRIT_LANG':
$error = '<div>The most basic critical error language file (lang/' . fallback_lang() . '/critical_error.ini) is missing. It is likely that other files are also, for whatever reason, missing from this installation.</div>';
break;
case 'INFINITE_LOOP':
$error = '<div>A potential infinite loop in the software was halted (codename <kbd>' . htmlentities($relay) . '). This error has been logged. Please do not refresh this page as it could indicate a significant software or website bug.</div>';
break;
}
global $SITE_INFO;
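Review bot: The `<kbd>` element opened in the new `INFINITE_LOOP` message is never closed: the string runs from `htmlentities($relay)` straight into `)`, so the rest of the critical error page is rendered inside the keyboard-style element. Close it the same way the `INFINITE_LOOP_HALTED` language string does: `'<kbd>' . htmlentities($relay) . '</kbd>). This error has been logged. …'`. The enclosing switch starts outside the hunk.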
......
......@@ -607,6 +607,9 @@ function _log_hack_attack_matches(array $specifier, string $reason, string $reas
*/
function _log_hack_attack_and_exit(string $reason, string $reason_param_a = '', string $reason_param_b = '', int $risk_score = 10)
{
// It is possible on warn_exit we trigger another hack attack (e.g. GET/POST related hacks). We must stop this infinite loop scenario.
check_for_infinite_loop('_log_hack_attack_and_exit', [$reason], 1);
// Default control settings
$silent_to_user = false;
$silent_to_staff_notifications = false;
......@@ -1404,6 +1407,7 @@ function die_html_trace(string $message)
*/
function put_value_in_stack_trace($value) : string
{
set_throw_errors(true);
try {
if ($value === null) {
$_value = gettype($value);
......@@ -1444,6 +1448,7 @@ function put_value_in_stack_trace($value) : string
} catch (Exception $e) { // Can happen for SimpleXMLElement or PDO
$_value = '...';
}
set_throw_errors(false);
global $SITE_INFO;
$site_info_keys = ['db_site_password', 'db_forums_password', 'maintenance_password', 'master_password', 'admin_password', 'mysql_root_password'];
......@@ -1463,6 +1468,12 @@ function put_value_in_stack_trace($value) : string
*/
function get_html_trace() : object
{
static $already_traced = false;
if ($already_traced) {
return new Tempcode();
}
require_code('templates');
push_suppress_error_death(true);
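Review bot: In `get_html_trace()`, the new `static $already_traced` guard is read, but none of the lines shown for this file sets it to true. If that holds, the early `return new Tempcode();` is unreachable and the function is still not protected against being entered a second time. It looks like `$already_traced = true;` is missing directly after the guard, before `require_code('templates');`. The function body continues outside the hunk, so confirm that no assignment exists further down.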
......
......@@ -5894,7 +5894,7 @@ function check_for_infinite_loop(string $codename, array $args, int $allowed_ite
// Increment count and handle if we surpassed the allowed number of iterations
$CHECK_FOR_INFINITE_LOOP[$codename][$hash]++;
if ($CHECK_FOR_INFINITE_LOOP[$codename][$hash] > $allowed_iterations) {
require_lang('critical_error');
warn_exit(do_lang_tempcode('INFINITE_LOOP_HALTED', escape_html($codename)));
require_code('critical_error');
critical_error('INFINITE_LOOP', $codename, true);
}
}
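Review bot: The switch from `warn_exit()` to `critical_error()` has no comment explaining why, and the reason is not obvious at the call site. Judging by the comment this commit adds to `_log_hack_attack_and_exit()`, `warn_exit()` can itself re-enter the path that is looping. A line such as `// Use critical_error, not warn_exit: the normal error screen can re-enter the code path that is looping` above `require_code('critical_error');` would keep a later refactor from reverting it. The function's docblock is outside the hunk; if it still describes a warning exit, it should be updated as well.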